Date:      Mon, 13 Mar 2017 08:04:25 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r315191 - stable/11/sys/netpfil/ipfw
Message-ID:  <201703130804.v2D84PPu027898@repo.freebsd.org>

Author: ae
Date: Mon Mar 13 08:04:25 2017
New Revision: 315191
URL: https://svnweb.freebsd.org/changeset/base/315191

Log:
  MFC r314715:
    Reject invalid object types that can not be used with specific opcodes.
  
    When we are doing reference counting of named objects in the new rule,
    for existing objects check that the opcode references the correct object,
    otherwise return EINVAL.
  
    PR:		217391

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Mar 13 07:45:15 2017	(r315190)
+++ stable/11/sys/netpfil/ipfw/ip_fw_sockopt.c	Mon Mar 13 08:04:25 2017	(r315191)
@@ -2662,7 +2662,14 @@ ref_opcode_object(struct ip_fw_chain *ch
 		return (0);
 	}
 
-	/* Found. Bump refcount and update kidx. */
+	/*
+	 * Object is already exist.
+	 * Its subtype should match with expected value.
+	 */
+	if (ti->type != no->subtype)
+		return (EINVAL);
+
+	/* Bump refcount and update kidx. */
 	no->refcnt++;
 	rw->update(cmd, no->kidx);
 	return (0);
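
Review bot: The new comment above the `ti->type != no->subtype` check has a grammar slip and does not say why a mismatch matters. Suggested wording: "Object already exists. Its subtype must match the type this opcode expects." The check sits before `no->refcnt++`, so the EINVAL return leaves this object's refcount untouched, which is the right order. It is worth confirming that the caller releases references already taken for earlier opcodes of the same rule when this new error comes back, since that unwind path is not visible in this hunk.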


